On 2013-03-12, Jiri B wrote:
> On Tue, Mar 12, 2013 at 03:59:27PM +, Stuart Henderson wrote:
>> For 2.7 uou must have the proxy configured specifically in your browser
>> for this to work - the SSL interception features are only in 3.x, and
>> the "server first" mode which works with transpare
On Tue, Mar 12, 2013 at 03:59:27PM +, Stuart Henderson wrote:
> For 2.7 uou must have the proxy configured specifically in your browser
> for this to work - the SSL interception features are only in 3.x, and
> the "server first" mode which works with transparent (a.k.a.
> interception) proxy ne
3 - - [12/Mar/2013:10:23:45 -0600] "CONNECT
clients3.google.com:443 HTTP/1.0" 200 4455 TCP_MISS:DIRECT
and so it looks like internal clients go to the squid proxy for HTTPS
urls. So why are people saying that transparent proxy will not work
for HTTPS? Or am I reading this log wrong? Pl
icp_access allow localnet
> icp_access deny all
>
> http_port 8080 transparent
>
> In my /var/squid/logs/access.log, I have entries such as
>
> 10.0.0.103 - - [12/Mar/2013:10:23:45 -0600] "CONNECT
> clients3.google.com:443 HTTP/1.0" 200 4455 TCP_MISS:DIRECT
>
http traffic. The browser is Firefox
13.0.1 and it uses the squid proxy for all protocols including HTTPS.
Vijay
Vijay Sankar, M.Eng., P.Eng.
ForeTell Technologies Limited
vsan...@foretell.ca
-
This message was sent using ForeTell-POST 4.9
On Tue, Mar 12, 2013 at 01:00:58PM +, Stuart Henderson wrote:
> On 2013-03-10, Rosen Iliev wrote:
> > Transparent proxy will not be useful for HTTPS connections.
> > To handle HTTPS you'll need not-transparent proxy.
>
> Actually squid 3.3 (not in ports yet) can do this using the
> sslbump MI
On 2013-03-10, Rosen Iliev wrote:
> Transparent proxy will not be useful for HTTPS connections.
> To handle HTTPS you'll need not-transparent proxy.
Actually squid 3.3 (not in ports yet) can do this using the
sslbump MITM feature.
I do transparent on mine, to save effort configuring proxies.
There is autoconfig, but some clients don't support it.
Some clients don't even support entering a proxy server.
... and I don't proxy https.
If I want control over who gets out, I use authpf.
nd host. I didn't test with other browsers.
Cheers,
Rosen
Alessandro Baggi wrote, On 3/10/2013 5:38 AM:
Hi list,
I'm plannig to setup a squid proxy for a network with about 120 User.
I have not great experience with proxying network that has over 20 user.
For this scenario, is bette
On Sun, Mar 10, 2013 at 04:35:15PM +0100, Alessandro Baggi wrote:
> Hi jirib,
> but if squid has problems (bad configuration, machine failure
> without failover) there are 120 pcs, that try to communicate with a
> failure proxy. At this point, how to solve? With transparent I can
> remove redirect
On 03/10/2013 05:21 PM, Sven Thomsen wrote:
Hi,
but if squid has problems (bad configuration, machine failure without
failover) there are 120 pcs, that try to communicate with a failure
proxy. At this point, how to solve? With transparent I can remove
redirect rule and forward web traffic direc
Hi,
> but if squid has problems (bad configuration, machine failure without
> failover) there are 120 pcs, that try to communicate with a failure
> proxy. At this point, how to solve? With transparent I can remove
> redirect rule and forward web traffic directly on internet but with
> non-transpar
On 03/10/2013 12:49 PM, Jiri B wrote:
On Sun, Mar 10, 2013 at 12:38:35PM +0100, Alessandro Baggi wrote:
Hi list,
I'm plannig to setup a squid proxy for a network with about 120 User.
I have not great experience with proxying network that has over 20 user.
For this scenario, is b
On Sun, Mar 10, 2013 at 12:38:35PM +0100, Alessandro Baggi wrote:
> Hi list,
> I'm plannig to setup a squid proxy for a network with about 120 User.
> I have not great experience with proxying network that has over 20 user.
> For this scenario, is better transparent or not-trasp
Hi list,
I'm plannig to setup a squid proxy for a network with about 120 User.
I have not great experience with proxying network that has over 20 user.
For this scenario, is better transparent or not-trasparent proxy?
I've searched on the web but can't get real experience pros
\
20 192.168.3.106 8080
rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
127.0.0.1 port 5000
But I have one question, my proxy requires authentication before browsing,
how can I have the firewall also authenticate, because if I disable on the
squid proxy authenticat
c nc -w \
>20 192.168.3.106 8080
>
>
> rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> \
>127.0.0.1 port 5000
>
>
> But I have one question, my proxy requires authentication before browsing,
> how can I have the firewall also auth
$ext_if port 80 -> \
127.0.0.1 port 5000
But I have one question, my proxy requires authentication before browsing,
how can I have the firewall also authenticate, because if I disable on the
squid proxy authentication, it works. If I enable it, all sites I try to
visit comes up with a page tha
Parvinder Bhasin wrote:
Hi,
How do I setup squid proxy server for authentication using NSCA? I
used the ports to install squid.
I can't find the NSCA auth module to allow me to do that.
Any help ..is highly appreciated.
Thanks
I figured it out. Just did search for auth_ncsa and foun
Hi,
How do I setup squid proxy server for authentication using NSCA? I used
the ports to install squid.
I can't find the NSCA auth module to allow me to do that.
Any help ..is highly appreciated.
Thanks
I posted this before in another thread, but figured I'd re-post it as
its own thread.
The set-up we have is a dedicated system running OpenBSD 4.2, Squid and
SquidGuard. Squid is running in transparent mode and is (obviously)
running as a transparent caching proxy, administratively blocking
certa
On Wed, 22 Jun 2005 19:35:37 -0500
Gordon Grieder <[EMAIL PROTECTED]> wrote:
> Hi,
>
> We've been testing a squid proxy at my workplace (~300 machines
> locally) on a smaller group of 60 machines. (used the Windows'
> "autodetect proxy" thing with some
Hi,
We've been testing a squid proxy at my workplace (~300 machines
locally) on a smaller group of 60 machines. (used the Windows'
"autodetect proxy" thing with some javascript on a local webserver to
get get our 'volunteers')
Our new machine arrived which will b
23 matches
Mail list logo
